Takedowns only slow activity: According to Jeremy Kirk, executive editor for cyber threat intelligence at research company Intel 471, police have been closing in on the individual groups represented in Scattered Lapsus$ Hunters for more than three years. This included arresting alleged members. Whether this damaged the group in the long run remained to be seen.”Law enforcement has set precedents over the last few years by repeated take downs, and threat actors know it is riskier and riskier to administer these forums,” said Kirk. “From a cyber threat intelligence perspective, centralized forums provide much visibility into access brokering, data leaks and more.” However, he added, while “domain seizures are tactical victories, threat actors often have backups of their forum software and data and can launch the forums again.”According to Kirk, “that activity doesn’t stop when forum infrastructure is disrupted, but scatters elsewhere to places such as Telegram, where it can be more challenging to follow.”As long as other members remain at large, Kirk continues to be pessimistic that police action would do much beyond slowing activity for a while.
Stolen data remains at risk: Meanwhile, other data stolen during the Salesforce campaign will remain at risk. It’s highly likely that this will be leaked to other criminal enterprises at some point. It’s this simple asymmetry that has turned data breaches into a huge business: stolen data can never be un-stolen and exists in a breached state forever. This remains true whether a ransom is paid or not.”We don’t expect these threat actors’ activity to abate, and they remain a real threat to enterprises due to their skill in social engineering, and intimate knowledge of helpdesk procedures and enterprise software supply chains,” said Kirk.This points to another underlying problem that allows ransomware actors to resurrect themselves: they often know where the weaknesses in technology and processes lie before the defenders do. Why? To speculate, because criminals look for them, whereas defenders have reasons not to.Those criminals are also joining forces to become more effective; Scattered Lapsus$ Hunters isn’t the only alliance in the cybercrime world. In another recent development, three of the biggest Russian ransomware operations, DragonForce, Qilin, and LockBit, announced that they’d formed a criminal cartel aimed at coordinating attacks and sharing resources in response to what they described as a “challenging” extortion environment.
First seen on csoonline.com
Jump to article: www.csoonline.com/article/4072244/scattered-lapsus-hunters-extortion-site-goes-dark-whats-next.html
